Dương "Kai" Phạm

"we’re protecting (and spending money on protecting) the wrong things, and we’re hurting productivity in the process" -- "Thinking security"

@Restructuring__ @grok what is the source of this video?

This is a really great video 1) She actually works in investment banking in a front office role, and therefore her nights are an actual representation of the job 2) This shows that even with long hours, you can go to sleep at 1AM and have a perfectly sustainable lifestyle 3) If you are tired of turning comments after 10pm, the buy-side is actually better

@jasonfried Awesome intro as usual. Looking for a pre-order soon!

Whenever it feels like it's time to write another book, I start by writing the intro. I aim to keep it around a few hundred words, and I only give myself a few minutes to write it. If it feels like a struggle, I'm not proud of it, or it's just no good, then it's not the right time to write a new book. I don't try again. I wait. Sometimes months. Then, once it feels like it might be time again, I start again. I did this a few months ago and it didn't get anywhere. And then yesterday, spurred on by sparky friction here on X, I just felt the urge to write. I like it. I think we have the beginnings of a new book (co-authored with @dhh, of course). The working title is "Making it up as you go". Here's the introduction: --- This book presents a new approach to work. One we’ve been working on, and working under, for nearly three decades. No theory, abstractions, or anything academic. Just real stuff. It’s not a business book about numbers, metrics, OKRs, KPIs, forecasting, targets, goals, estimates or other conveniently measurable things. They say you can only manage what you can measure. Bullshit. It’s not a business book about certainty, either. Not chasing it, not craving it, not seeking it out. They say you should know everything about what you’re about to do before you do it. Bullshit. It’s also not a business book about big. It’s not about growth, or fundraising, or scaling, or competing, or winning. They say the only worthy way is up and to the right at all costs. Bullshit. If you want traditional business books like that, there are a billion on the shelf. Throw a dart, pick one up, and you’ll have read nearly all of them once you’ve read one of them. This is a book about making it up as you go. About developing and following your intuition and gut. About finding a sustainable orbit and settling in. About making lots of small reversible decisions rather than big, scarring, permanent ones. It’s a book about wandering ahead now, rather than walking a path you set before. About playing it out, rather than planning it out. About doing what you think, rather than doing what you thought. About exercising independence, rather than getting in line. Because you don’t run a business, you ride it. This book is the story of how we’ve built our business, 37signals, one day a time over 26 profitable years, without paranoia, without fear, and without worrying that we don’t know where we’re going. Still. On these pages, we’ll show you how making it up as you go applies to management, strategy, product development, design, technology, customer service, hiring, marketing, writing, and, ultimately, thriving long-term in a highly competitive market by not paying attention to all the things that simply don’t matter. Let’s get into it.

My mental model is that cybersecurity is an economics game where the better security engineering wins at either of offense or defense. Yes, there are social engineering and insiders, but those are also best solved as attack economics-prioritized engineering problems.

In management parlance, an asshole is someone who cares less about feelings or effort and more about outcomes.

@jhencinski @rapid7 Oh, it's quite suprising. But hope to see more your rational thoughts on new chapter.

Big news! I've joined @rapid7 as VP of Threat Detection and Response. Energized to lead our #MDR into its next phase of growth. My focus: revolutionizing the #SOC by reimagining the analyst experience and pushing the boundaries of threat detection to deliver industry-leading outcomes for our customers. And yes - for those who know me, data science and capacity modeling will be key drivers of excellence 📊. At the heart of this is delivering exceptional outcomes for our customers while creating an amazing experience for our analyst team. Excited for this next chapter! 🚀

@jotunvillur @jhencinski Hope to see it related to SecOps

@jhencinski Oh I can’t wait!!!

Last September, myself and a few other colleagues left a thriving startup to go build something that we believe will change the face of IT. It's been a typical blend of startup challenges—stress, fear of the unknown, and uncertainty, but also exhilarating! I can't wait to share with everyone what we've been working on.

"Make your own business work. It doesn't matter what everyone else is doing. More heads down, less looking around. The competition is your spending." world.hey.com/jason/you-only…

"whatever the problem, it is good to be open with it so everyone can set expectations appropriately"

@GergelyOrosz Shared our experience of logging here, maybe it’ll help: zerodha.tech/blog/logging-a…

As you scale your security program it's important to not diminish the capability of individually excellent people - you want your to amplify individuals to make their actions scale rather than commoditize performance to a lowest common denominator. philvenables.com/post/deliverin…

@jhencinski I didn't see the Q4/2022 report. Why doesn't it exist?

Findings from our Q1 TR: 1. Identity attacks accounted for 57% of incidents–most in #M365 2. M365 session cookie theft for initial access is ⬆️ 3. Zipped JScript, ISO, LNK, HTA most common entry point for pre-ransomware 4. Exploit of s/w vuln 👀 in < 5% of incidents More ⬇️

Be on the lookout for Eviltalik, the cyber attacker you need to know about.🧵

McKinsey makes $500,000+ on a single presentation. You can learn their simple framework below (for free):

50 UI Design Tips by pixselacademy Complete thread 🧵

@veorq haha, my question for a long time. Not sure why I asked this. Seems when playing CTF.

advanced cryptanalysis reddit.com/r/crypto/comme…

Have you ever been #rugpulled or scammed? Don't worry, @MistTrack_io is here to help. 📣Participate in the #MistTrack platform early access📣 🎁10 lucky winners 1⃣Follow @SlowMist_Team and @MistTrack_io 2⃣Retweet this post 3⃣DM us your email address

10 thoughts on predicting future trends.

Big news! After a long wait, I'm excited to publicly release my doctoral dissertation, "The Analyst Mindset: A Cognitive Skills Assessment of Digital Forensic Analysts". You can download it here: chrissanders.org/2021/12/disser….

I've created an overview of the Smart Contract Auditing Process for pentesters, devs, bug bounty, or anyone vested in blockchain security. Shoutout @Mudit__Gupta who really helped solidify this process from his walkthroughs. #bugbountytips #infosec #web3 #CyberSecurity

Want to scale Agile? Don't. Continuously descale the work. Descaling the work IS scaling agility. Smaller teams, smaller increments of value, alleviating impediments to flow, breaking dependencies, with high alignment via OKRs, safety and minimal viable guardrails. #BVSSH